Re: XP Policies (like PolEdit)

From: Daniel Kerr (dkerr_at_satx.rr.com)
Date: 09/02/03 

Date: Tue, 2 Sep 2003 16:40:07 -0500

DOH, didn't even think of that. I also just got some 2K templates I have
used on my 2K terminal server that I'm gonna try importing into the poledit
and see if I can get that to work... but that's a great idea... I might try
that one next.

Only "issue" I would be concerned with is if it executed immediately when I
re-add permissions... IE, I go to make a change, add the allow access to
that folder back to admins, then BAM I lose everything... The changes I was
making in the group policy were effective immediately, and not on
logon/logoff so kinda worried.. hehehe

"David Jones" <kk7gw@yahoo.com> wrote in message
news:059f01c37198$38a968a0$a101280a@phx.gbl...
> When you're finished setting the policy, but before you
> logoff/reboot, change the NTFS permissions on the
> \Windows\system32\grouppolicy folder to Deny access to
> Administrators (or whoever you want the policy to NOT
> apply to).
>
> When you need to change the policy, you'll need to remove
> that Deny permission to change it.
>
> Note that you should also make sure the only accessible
> things are the keyboard and mouse, because with physical
> access to a computer case (or floppy drive/CD drive/etc)
> it is possible to do a wide variety of things that would
> get around this.
>
> Also make sure all Administrator level accounts are
> password protected with strong passwords, and those
> passwords change relatively frequently.
>
> There's a host of other ways to secure the system as
> well, but that's a good starting point.
>
> >-----Original Message-----
> >Ok, here's the deal.
> >
> >I am about to deploy a PC to a public area. The ONLY
> thing I want people to
> >be able to do is open IE, and of course lock it to say 3
> of our websites.
> >In Win98 or even NT this would not be very hard at all.
> I would simply open
> >PolEdit, make an account for either the group or
> username, and then apply
> >the restrictions. This way, when the user logs in, they
> lose all access to
> >everything in the computer (control panel, etc), yet I
> can get in under the
> >admin account that doesn't have this policy applied and
> make changes.
> >
> >So far I have been beating my head in trying to get a
> solution to this
> >problem. It seems XP Pro wants to use the group
> policy. That's wonderful
> >as it has all the settings I want to change, but only
> one catch. These all
> >seem to be machine settings. IE, I remove the shutdown
> button from the
> >start menu, my admin account also has it gone. As you
> can see, this is a
> >huge issue as I don't want to lock myself out of doing
> things to the
> >computer.
> >
> >Due to the insecure nature of this system, we do NOT
> want it on our domain
> >(or even on our network for that matter). So, does
> anyone have a solution?
> >PolEdit from the OfficeXP resource kit would work, but
> it won't let me add
> >the system settings that I want...
> >
> >Any help will be GREATLY appreciated.
> >
> >Thanks for any assistance you guys can give...
> >
> >
> >.
> >